Monday, April 25, 2005

Building Secure Web Applications using ASP.NET 2.0 ("Whidbey")

In .NET Framework 2.0 ("Whidbey"), ASP.NET has undergone a lot of enhancements. Building secure web applications is one of the aspects that deserves good attention. There are many new features introduced such as Login Control, Membership API and Personalization API which helps in increasing the productivity of developers.

In .NET 1.1, you can leverage the Forms Authentication to take your anonymous users to the login page. The "Login Page" is your call and you need to code the logic for validating a user against his credentails. Now, you dont need to do it in 2.0. Microsoft has provided cool features like Login Control which you can just drag and drop! and use it for validating your users. It has provided controls for Creating, Modifying, Assigning roles and deletion of users. All of this without you writing single code.

In .NET 1.1, Forms Authentication works on Cookie based scenarios. This has been changed and in 2.0, Forms Authentication woirks for both cookie based and cookieless scenarios. So, your .NET 1.1 code will work very well when moved to 2.0 Framework.For Cookie based scenarios, it will work the same as earlier and for Cookie Less Scenarios, the Cookie information is encrypted and attached as a querystring value to the URL. Its a long chunk of characters which determine the User's identity and validity.

The Membership API, allows you to manage users effectively, without writing a single line of code. There is also a Website Administration Tool, which comes automatically and from there you can do a website administration for your applications.In general, the focus has been towards increasing the developer's productivity and automating the plumbing work done which earlier, had to be done manually.For more information check ASP.NET 2.0